[opensuse-buildservice] [api] ACL 'access' rewrite for 2.2
Hi all!

Available in git HEAD is now the rewritten ACL support for the "access" flag.
http://gitorious.org/opensuse/build-service/commits/master

The checks were moved into the db_project/db_package model and thus access-protected/hidden projects don't show up at all, instead of the old solution which removed them from the lists in the controllers.

Currently we support hiding the projects and grant access to users listed in the project.

To enable this feature, add to your meta prj

    <access>
      <disable/>
    </access>

Adrian will roll new unstable packages shortly.

Testing and feedback very welcome.

Todo:
* add support for Vivian's LDAP group patches
* cleanups
* remoteprojects need testing
* bugfixing

Best,
Jan-Simon
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-buildservice+help@opensuse.org

On Saturday 27 November 2010 23:35:08 Jan-Simon Möller wrote: ...
> Adrian will roll new unstable packages shortly.

Packages from openSUSE:Tools:Unstable with version 2.1.66 contain this first snapshot. It also contains a fix for OBS interconnect. The client side support was broken in last week's "git master" code branch.

> Testing and feedback very welcome.
>
> Todo:
> * add support for Vivian's LDAP group patches
> * cleanups
> * remoteprojects need testing
> * bugfixing

We currently know that there is a leak in the webui. It does cache independent of the user and may grant access or show content of hidden projects to others. Otherwise the protection should be complete, even though there are still some documented broken test cases and also some wanted logic changes.

If you have an idea to expose content of an "access" disable project, feel free to try it and to report. And of course, there can't be enough people to review this security relevant code ;)

thanks
adrian

--
Adrian Schroeter
SUSE Linux Products GmbH
email: adrian@suse.de

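The web UI cache problem described in the reply above, next to the model-level check from the announcement, as an added example that is not part of the original thread and is not OBS code. The `Project` struct, `projects_for`, `ListCache` and the sample projects and users are all hypothetical and constructed for illustration.

```ruby
# Constructed sample data; every name here is hypothetical, not OBS code.
Project = Struct.new(:name, :access_disabled, :members) do
  # Model-level check: a project with access disabled is visible only
  # to users listed in the project.
  def visible_to?(user)
    !access_disabled || members.include?(user)
  end
end

PROJECTS = [
  Project.new("openSUSE:Tools", false, []),
  Project.new("home:alice:secret", true, ["alice"]),
].freeze

# Scoped finder: callers never receive a hidden project they cannot access,
# so no controller has to remember to filter the list afterwards.
def projects_for(user)
  PROJECTS.select { |p| p.visible_to?(user) }.map(&:name)
end

# Front-end cache whose key is chosen by the block passed to the constructor.
class ListCache
  def initialize(&key_for)
    @key_for = key_for
    @store = {}
  end

  def project_list(user)
    @store[@key_for.call(user)] ||= projects_for(user)
  end
end

# Keyed by page only: the first requester's view is served to everyone.
def shared_cache
  ListCache.new { |_user| "project_list" }
end

# Keyed by page and user: each entry is built from that user's own access.
def per_user_cache
  ListCache.new { |user| ["project_list", user] }
end

# Returns what `second` is shown after `first` has warmed the cache.
def view_after(cache, first, second)
  cache.project_list(first)
  cache.project_list(second)
end
```

With the shared key the backend check still runs correctly, but only for whoever populated the entry; a review of such a cache should confirm that every input to the access decision is also part of the cache key.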
participants (2)
- Adrian Schröter
- Jan-Simon Möller